Privacy policy

Privacy policy

In compliance with the provisions of the regulations on the protection of personal data, in particular Organic Law 3/2018, of December 5, on Protection of Personal Data and guarantee of digital rights, and the Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter, GDPR), we inform you below how your personal data will be processed.

This Privacy Policy shall apply exclusively to the processing of personal data carried out by Redeia Corporación S.A. (hereinafter, “Redeia”) through https://www.redeia.com/es. The processing of personal data carried out through specific domains shall be governed by their respective privacy policies, such as:

 

Likewise, the basic information provided individually on the processing of your data may contain specific conditions that will prevail over this Privacy Policy.

To ensure proper management in the processing of your data, Redeia has appointed a Data Protection Officer, who you can contact for any question you may need to ask at the email address dpd@redeia.com.

This Privacy Policy may be modified by Redeia as required. If changes are made, we will let you know through this website or by other means, so that you can learn about the new Privacy conditions. Continued use of the functionalities made available by Redeia, once the aforementioned modifications have been notified, will constitute your acceptance of them, except in those cases in which your express consent is necessary.

Who is the data controller? 

Your data will be processed by Redeia Corporación, S.A. (Redeia) and/or by the companies that make up Redeia, depending on the recipient of your request or the relationship you have established with each of them. You can consult the companies that form part of Redeia at https://www.redeia.com/es/nuestros-servicios, about which we provide further information below:

Identity of the main entity: Redeia Corporación S.A. with C.I.F. (tax ID number):: A-78003662.

Other Redeia companies responsible for the processing:

  • Red Eléctrica de España S.A. Unipersonal with C.I.F.: A-85309219.
  • Red Eléctrica Internacional S.A.U. with C.I.F.: A-82852906.
  • Red Eléctrica de España Finance, B.V. with registration number: NL812199017B01.
  • Redeia Financiaciones S.L.U., with C.I.F.: B-42954917.
  • REDCOR Reaseguros, S.A. with registration number: B153252.
  • Redeia Infraestructuras de Telecomunicación, S.A. with C.I.F.: A-87323127.
  • Red Eléctrica Infraestructuras en Canarias, S.A.U. with C.I.F.: A-76234822.
  • Redeia Sistemas de Telecomunicaciones S.A.U. with C.I.F.: A-88044144.
  • Elewit, S.A.U. with C.I.F.: A-88409990.

Postal address for notification purposes: Paseo Conde de los Gaitanes nº 177, La Moraleja, 28109 Alcobendas (Madrid).

What type of data do we process and from where are they sourced?

Redeia may process the following types of personal data, depending on the relationship established with the data subject:

  • Identification and contact data (e.g. first name, surnames, identity document, telephone, email, country of residence).
  • Browsing data (e.g. use of the website, sections visited).
  • Voice data, obtained as a result of recording telephone calls.
  • Other types of data. Exclusively in the event that the data subject has voluntarily provided another type of data, deeming it relevant to their request or query and/or by other means (e.g., provided via telephone queries).

The data that Redeia processes may come from the following sources, depending on the relationship established with the data subject:

  • Data provided by the data subject by filling in forms made available by Redeia, by sending emails or by any other means by which the data subject communicates with Redeia.
  • Data generated as a result of browsing and use of the website by the data subject.

For what purpose will we process your personal data and what is the lawful basis?              

In general, your data will be processed by Redeia for the fulfilment of the following purposes:

  1. Management of users and provision of services offered through our website.

    Description of the purpose:

    Redeia will process your data to provide you with the services we offer on our website and manage registrations as a user in those sections of the website that require prior registration to access the reserved area.

    Lawful basis for processing:

    Art. 6.1.b) GDPR – the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

    Data processed for this purpose:

    Identification and contact data (name, surnames, postal or electronic address, identity document, telephone number) and data related to the position, job or professional function performed, if applicable.

  2. Manage requests for information, queries, and questions through the forms enabled on the web, through postal or electronic mail, or by telephone contact.

    Description of the purpose:

    Redeia will process your data to respond to requests, queries, requests and doubts made available to us through forms provided for this purpose on the website, by email or post, or by telephone contact, and put at your disposal solutions that suit your needs. Phone calls may be recorded in order to ensure the quality of the service and for security purposes.

    Lawful basis for processing:

    Art. 6.1b) GDPR – the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

    Data processed for this purpose:

    Identification and contact data (first name, surnames, identity document, postal or electronic address, telephone number, voice).

  3. Compliance with legal obligations required of Redeia.

    Description of the purpose:

    Redeia, in its capacity as data controller, is obliged to comply with the provisions, among others, with the regulations of the electricity sector, as well as with those obligations necessary for the fulfilment of the functions as operator of the electricity system and manager of the electricity transmission grid. This requires you to provide your personal data to Public Administration bodies, courts, regulatory bodies and Spanish law enforcement authorities.

    Lawful basis for processing:

    Art. 6.1c) GDPR – the processing is necessary for compliance with a legal obligation to which the controller is subject.

    Data processed for this purpose:

    Identification and contact data (first name, surnames, identity document).

  4. Sending of information bulletins and subscription to newsletters.

    Description of the purpose:

    Redeia provides forms where you can grant your freely given, specific, informed and unambiguous consent to authorise the receipt of information through bulletins or newsletters, both by ordinary and electronic means, as well as information about the activities organised by the company.

    Lawful basis for processing:

    Art. 6.1a) GDPR – the data subject gave their consent for the processing of their personal data for one or more specific purposes.

    Data processed for this purpose:

    Identification and contact data (name, surnames, postal or electronic address). It should be noted that you may object at any time to the purpose of processing your personal data for informational or advertising purposes by Redeia, using the channels enabled for this, as detailed in the section “What are your rights when you provide us with your data?”.

  5. Developing perception studies.

    Description of the purpose:

    In order to be able to verify your degree of satisfaction with the work carried out by Redeia, we may carry out perception studies to improve the quality of our procedures and services.

    Lawful basis for processing:

    Art. 6.1f) GDPR – the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party.

    Data processed for this purpose:

    Contact data (first name, surnames, postal or electronic address, contact telephone number) and data relating to the position, job or professional function performed.

  6. Use of cookies and analysis of web browsing.

    Description of the purpose:

    Redeia may process your browsing data to manage the correct functioning of the website, analyse how users interact with it, as well as to improve the quality of the services offered and the browsing experience. For these purposes, cookies and similar technologies may be used to analyse user behaviour in an aggregated or individual manner.

    Likewise, Redeia informs you that it does not carry out individual profiling processes that produce legal effects concerning you or similarly significantly affect you.

    In any case, you can obtain more information about the use of cookies, as well as how to manage or deactivate them, through the Cookies Policy.

    Lawful basis for processing:

    Art. 6.1.a) GDPR – consent of the data subject, for the installation of analytical and non-essential cookies.

    Art. 6.1.f) GDPR – legitimate interest of Redeia for the use of technical or strictly necessary cookies for the functioning of the website.

    Data processed for this purpose:

    Browsing data (e.g., IP address, online identifiers, device information, pages visited, time spent on the site, navigation within the website).

  7. Guaranteeing website security and preventing misuse.

    Description of the purpose:

    Redeia will process your data in order to guarantee the security of the website, prevent unauthorised access or cyberattacks, and detect, investigate and, where appropriate, mitigate situations that could compromise the confidentiality, integrity, or availability of information and systems.

    Furthermore, these processing activities ensure the correct technical functioning of the website and protect both Redeia and its users against potential fraudulent or improper use.

    Lawful basis for processing:

    Art. 6.1.f) GDPR – legitimate interest of Redeia in ensuring the security of its systems, networks, and the information processed.

    Data processed for this purpose:

    Browsing data (e.g., IP address, access records, online identifiers, device information, activity logs).

  8. Management of relationships with representatives and contact persons of entities.

    Description of the purpose:

    Redeia will process your personal data when you act as a legal representative or contact person for public or private entities (clients, suppliers, collaborators, institutions, or other third parties) in order to maintain, manage, and develop the professional, administrative, contractual, or institutional relationship, as well as to facilitate necessary communications within the framework of said relationship.

    Lawful basis for processing:

    Art. 6.1.f) GDPR – the processing is necessary for the purposes of the legitimate interests pursued by the data controller, consisting of properly managing relationships with the entities it interacts with, in accordance with Article 19 of the LOPDGDD.

    Likewise, where applicable, Art. 6.1.b) GDPR shall apply – the processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract.

    Data processed for this purpose:

    Identification and contact data (first name and surnames, job title or position, company or entity to which you belong, postal or electronic address, and contact telephone number), as well as, where applicable, data relating to the professional function performed.

 

In any case, and if it is necessary for the fulfilment of the processing purposes, Redeia may give access to personal data to third party service providers, who will access them as data processors. Should this access involve the transfer of your personal data outside the European Economic Area, Redeia ensures the existence of adequate mechanisms and safeguards provided for by the applicable regulations (e.g., Standard Contractual Clauses) to guarantee that the third party accessing your data applies a level of security equivalent to that required by European data regulations.

How will the data of minors be processed?

In general, the contents and services of Redeia are directed and designed mostly for people over 18 years of age.

However, there is content on our website intended for minors which includes online games to which they can have access.

In such cases, Redeia will request the consent of the holders of parental authority or guardianship, or legal representatives, under the terms established in current legislation, for data subjects under 14 years of age, never collecting or processing personal data without fully complying with the requirements established in the applicable data protection regulations regarding the duty to inform and the obtainment of any necessary consents.

How long will we store your data?

Redeia will store the personal data provided for the period necessary to manage your request, query, suggestion, complaint or claim, or as long as the contractual relationship is maintained, its erasure or objection is not requested by the data subject and they should not be deleted since they are necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims.

In this regard, once its relationship with you has ended, Redeia will keep your personal data duly blocked, except for making them available to Public Administrations, Judges, and Courts to address any potential liabilities arising from the processing, as well as for the exercise and defence of claims before the Spanish Data Protection Agency. The data shall be retained for the statutory limitation period of any actions that may arise from the relationship maintained with the data subject.

Your personal data will be stored for the time necessary to fulfil the purpose for which it was collected. If your data is used for several purposes that require us to store it for different periods, we will apply the longest retention period.

How do we collect your data?

In each process in which you provide your personal data, you will be informed of the mandatory or optional nature of its completion (for example, marking with asterisks those fields in which mandatory data is requested), and of the consequences of not providing said data.

Through this Privacy Policy, you declare that the information and data you provide us with are accurate and truthful, with Redeia reserving the right to exclude from its services any data subjects who have provided false data, without prejudice to the possibility of initiating legal action. You will be solely responsible for any false or inaccurate statements you make and for the damages that this may cause to Redeia or third parties.

If, by means of any form, you provide us with third-party personal data, you guarantee that you have informed said third party of this Privacy Policy and that you have obtained their authorisation to provide Redeia with their data for the purposes indicated.

In compliance with article 14 of the GDPR, Redeia undertakes to provide any third party whose personal data you provide to us with the relevant information.

To which recipients will your data be disclosed?

Redeia will disclose and transfer your personal data for the fulfilment of the aforementioned purposes and on the aforementioned legal bases for processing to:

  • The Redeia companies, which you can consult at the following link: https://www.redeia.com/es/nuestros-servicios.
  • The Public Administrations and the Administration of Justice, Spanish law enforcement authorities and, in general, competent Authorities when Redeia has the legal obligation to provide them.
  • Redeia suppliers that have access to your personal data that will process said data as Redeia data processors, as a result of the services they provide to Redeia. All suppliers with access to personal data that provide services to Redeia have signed the corresponding data processor agreement in accordance with the provisions of article 28 of the GDPR, taking it upon themselves to comply with the following obligations: apply appropriate technical and organisational measures; process the personal data for the agreed purposes and acting only on the documented instructions of Redeia and the obligation to delete the data once the provision of the services has ended.
  • Due to the activity carried out by Redeia, there is the possibility of international data transfers to countries located outside the European Economic Area (EEA). For cases in which international data transfers are made to countries outside the European Economic Area (EEA) or to countries that do not offer an adequate level of protection, the necessary measures will be applied with adequate guarantees through the use of Standard Contractual Clauses that legitimise international transfer.

How do we guarantee the security of your data?

Redeia applies and maintains appropriate technical and organisational measures to guarantee an adequate level of security based on prior risk analysis.

Specifically, Redeia has established all the technical means at its disposal to prevent the loss, misuse, alteration, unauthorised access and theft of the data you provide us with.

What are your rights when you provide us with your data?

Redeia informs you that you have the right to obtain confirmation on whether we are processing personal data that concerns you or not.

Likewise, Redeia informs you that you may exercise the following rights over your personal data:

  • Access: You have the right to access your data to know what personal data we are processing that concerns you.
  • Rectification or erasure: In some circumstances, you have the right to rectify any personal data that you consider to be inaccurate and that concern you, and that are processed by RE, as well as the right to request the erasure of your data when, among other reasons, the data were no longer necessary for the purposes for which they were collected.
  • Restriction of processing: In some circumstances, you will have the right to request us to limit the processing of your data, in which case we inform you that we will only store the data on which you have requested restriction of processing for the establishment, exercise or defence of legal claims.
  • Portability: In some circumstances, you will have the right to receive the personal data that concern you, and that you have provided us, in a structured, commonly used and machine-readable format, as well as to have them transmitted by Redeia to another data controller.
  • Right to object: In some circumstances, and for reasons related to your particular situation, you will have the right to object to the processing of your data, in which case, we would stop processing them unless we are obliged to continue to do so for compelling legitimate grounds or for the establishment, exercise or defence of legal claims.

To exercise your rights, please submit a letter to the aforementioned postal address or via email to the following address: digame@redeia.com, including in the subject “Data Protection”.

You can also contact our Data Protection Officer at the following address: dpd@redeia.com.

The data controller will take the appropriate measures to provide the data subject with all possible information regarding the processing of their personal data in accordance with their request within a maximum period of one month from the receipt of the request. This period may be extended for two additional months, depending on the complexity of the case and the number of requests.

You must specify which of these rights you are requesting to exercise and, in turn, must prove your identity in the event your identity cannot be confirmed via the communication channel used for the request. In the event that you are represented by a legal or voluntary representative, you must also provide a document proving the representation, as well as the identity of said party.

Additionally, in accordance with article 77 of the GDPR, if you consider that your right to the protection of personal data has been violated, you can file a claim with the supervisory authority, in Spain, the Spanish Agency for Data Protection (www.agpd.es) or apply to the competent court, in accordance with article 79 of the GDPR. Likewise, we hereby inform you that, initially, you may file a complaint with the Data Protection Officer at the following address: dpd@redeia.com.

Update date of this Privacy Policy: June 2026.